General
-
Target
edc0c4c2043ff9ef4b02e7094b0383c1_JaffaCakes118
-
Size
502KB
-
Sample
240920-rexptazgjf
-
MD5
edc0c4c2043ff9ef4b02e7094b0383c1
-
SHA1
b265f34039abd7ddcb408c5a300475ac71ef0c87
-
SHA256
c2f689ea53b5b838419afa2e4bb10f126cb98635093f9a6436337f318509d03a
-
SHA512
8591364aea062c81220e6ee83f6427c81868a809ecf8f285f2393589694dc81f3e11f0385c041baa2d85eb57402f7966c1ddda3a137a693046dca9f319758316
-
SSDEEP
6144:nbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9PHC:nQtqB5urTIoYWBQk1E+VF9mOx96
Malware Config
Targets
-
-
Target
edc0c4c2043ff9ef4b02e7094b0383c1_JaffaCakes118
-
Size
502KB
-
MD5
edc0c4c2043ff9ef4b02e7094b0383c1
-
SHA1
b265f34039abd7ddcb408c5a300475ac71ef0c87
-
SHA256
c2f689ea53b5b838419afa2e4bb10f126cb98635093f9a6436337f318509d03a
-
SHA512
8591364aea062c81220e6ee83f6427c81868a809ecf8f285f2393589694dc81f3e11f0385c041baa2d85eb57402f7966c1ddda3a137a693046dca9f319758316
-
SSDEEP
6144:nbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9PHC:nQtqB5urTIoYWBQk1E+VF9mOx96
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-